Daily Digest

AT&T Probes 70M Record Breach, CISA Warns of Cloud Zero-Day, and ICS Attacks Rattle Energy Sector

AT&T Probes 70M Record Breach, CISA Warns of Cloud Zero-Day, and ICS Attacks Rattle Energy Sector

March 29, 2026
11 articles (9 new, 2 updated)
33 min read

Summary

This cybersecurity briefing for March 29, 2026, covers a tumultuous period marked by several high-impact incidents. AT&T is investigating a massive data breach with 70 million customer records leaked on the dark web. Simultaneously, CISA has issued an emergency directive for "BridgeSiphon," a critical zero-day vulnerability affecting hybrid cloud environments. The energy sector faced a destructive cyber-physical attack on battery storage facilities, while new malware strains like "CloudSweep" and "AudioSignature Hijack" demonstrate evolving attacker tactics. These events, coupled with ongoing nation-state activity and supply chain threats, underscore a rapidly escalating and diversifying threat landscape requiring immediate attention from all organizations.

Filter by Category

New Articles (9)

CISA Warns of "BridgeSiphon" Zero-Day Exposing Passwords in Hybrid Cloud Sync

CRITICAL

CISA Issues Emergency Directive for "BridgeSiphon" Zero-Day Vulnerability in Hybrid Cloud Interfaces

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released an emergency directive concerning "BridgeSiphon," a critical zero-day vulnerability impacting hybrid cloud environments. The flaw, found in a widely used data synchronization protocol, allows attackers to intercept and exfiltrate plaintext passwords as data moves between on-premise and cloud infrastructure. This poses a severe risk of credential theft, lateral movement, and widespread system compromise. The directive mandates immediate action from all federal agencies to audit their hybrid connections and apply mitigations while a permanent patch is developed.

March 29, 2026
5 min read
zero-dayBridgeSiphonCISAhybrid cloudcredential theft +1 more
CISA Warns of "BridgeSiphon" Zero-Day Exposing Passwords in Hybrid Cloud Sync
Vulnerability
Cloud Security
Threat Intelligence

AT&T Probes Massive Data Breach as 70 Million Customer Records Surface on Dark Web

HIGH

AT&T Investigates Alleged Data Breach Affecting 70 Million Customers After Data Appears on Dark Web

Telecommunications giant AT&T has launched a full-scale investigation after a database containing the sensitive personal information of approximately 70 million current and former customers was leaked on a dark web forum. The dataset, which reportedly dates back to 2021, includes highly sensitive PII such as Social Security numbers, dates of birth, and home addresses. The breach places millions at significant risk of identity theft, financial fraud, and targeted phishing campaigns. AT&T is advising customers to monitor their accounts and has stated it will offer credit monitoring services.

March 29, 2026
4 min read
AT&Tdata breachPIISSNdark web +1 more
AT&T Probes Massive Data Breach as 70 Million Customer Records Surface on Dark Web
Data Breach
Threat Intelligence
Phishing

Serbian Clinic's Patient Data Leaked by Ransomware Group After Refusing to Pay

HIGH

Highly Sensitive Patient Data from Serbian Gynecology Clinic Leaked on Dark Web Following Ransomware Attack

In a severe violation of patient privacy, a Serbian gynecology clinic has had its entire patient database leaked on the dark web. The data dump occurred after the clinic refused to pay a ransom demand from a cybercriminal group that had encrypted its systems. The leaked information includes names, contact details, and extremely sensitive clinical notes, placing thousands of patients at risk of blackmail and public exposure. The incident underscores the ruthless tactics of modern ransomware gangs targeting the healthcare sector and the devastating real-world consequences of such attacks.

March 29, 2026
4 min read
ransomwarehealthcaredata breachpatient datadark web +1 more
Serbian Clinic's Patient Data Leaked by Ransomware Group After Refusing to Pay
Ransomware
Data Breach
Cyberattack

Major Data Leak at Malaysian Car Park Operator Imej Parking Exposes Government Data

HIGH

Imej Parking Data Leak in Malaysia Exposes MySQL Database with Corporate and Government Data

Imej Parking Sdn Bhd, a major car park operator in Malaysia, has suffered a significant data breach after a large MySQL database was found exposed on the internet. The leak, attributed to a server misconfiguration, contains a wide array of sensitive information, including the company's internal records, customer data, and, most critically, data related to its government contracts. This third-party breach highlights the cascading risks within supply chains, as the exposure of a vendor's data has led to a potential compromise of government information. Malaysian authorities have been alerted and are assessing the full scope of the incident.

March 29, 2026
4 min read
data leakmisconfigurationMySQLsupply chaingovernment data +1 more
Major Data Leak at Malaysian Car Park Operator Imej Parking Exposes Government Data
Data Breach
Supply Chain Attack
Cloud Security

Global Cyber Incidents Surge: State-Sponsored Attacks, Financial Fraud, and AI-Powered Malware on the Rise

INFORMATIONAL

State-Sponsored Attacks and Sophisticated Fraud Schemes Drive Surge in Global Cybersecurity Incidents

The global threat landscape is experiencing a significant escalation, with a notable surge in diverse and sophisticated cyberattacks over the past 24 hours. Key trends include state-sponsored actors, allegedly linked to China, targeting critical telecommunications infrastructure in nations like Canada, with the threat actor ShinyHunters implicated in a breach at Telus. Concurrently, attackers are evolving their TTPs, leveraging AI for more adaptive malware and increasingly targeting operational technology (OT) to threaten physical safety. This convergence of geopolitical espionage, high-tech criminal activity, and threats to critical infrastructure signals a new, more dangerous phase in cybersecurity.

March 29, 2026
4 min read
state-sponsoredthreat intelligenceShinyHuntersTelusOT security +1 more
Global Cyber Incidents Surge: State-Sponsored Attacks, Financial Fraud, and AI-Powered Malware on the Rise
Threat Intelligence
Cyberattack
Threat Actor

Warning to Developers: Malicious Logic Bombs Found in Popular IDE Extensions

HIGH

Malicious Logic Bombs Designed to Lock Systems Found Hidden in Popular IDE Coding Extensions

A significant software supply chain threat has emerged as security researchers have discovered malicious logic bombs hidden within several popular coding extensions for Integrated Development Environments (IDEs). The malicious code is designed to remain dormant until a specific future timestamp. Upon activation, the payload triggers and locks the host system, effectively rendering the developer's machine unusable. This attack vector targets developers directly through the trusted tools they use daily, raising serious concerns about the security of third-party extension marketplaces and the software development lifecycle itself.

March 29, 2026
4 min read
logic bombsupply chain attackIDEdeveloper toolsmalware +1 more
Warning to Developers: Malicious Logic Bombs Found in Popular IDE Extensions
Supply Chain Attack
Malware
Threat Intelligence

New Android Trojan "AudioSignature Hijack" Eavesdrops on Conversations Using Vibration Sensors

HIGH

"AudioSignature Hijack 2.0" Android Trojan Bypasses Mic Permissions to Eavesdrop via Vibration Sensors

Mobile security researchers have uncovered a highly sophisticated Android Trojan, dubbed "AudioSignature Hijack 2.0," that employs a novel technique to eavesdrop on conversations without requesting microphone permissions. The malware leverages the device's built-in vibration sensors (accelerometers) to detect microscopic vibrations caused by sound waves in the surrounding environment. A complex algorithm then processes this sensor data to reconstruct the audio, allowing attackers to spy on users' conversations covertly. This side-channel attack represents a significant threat to mobile privacy, as it bypasses a fundamental security control in the Android operating system.

March 29, 2026
4 min read
Androidmalwaretrojanside-channel attackprivacy +1 more
New Android Trojan "AudioSignature Hijack" Eavesdrops on Conversations Using Vibration Sensors
Malware
Mobile Security
Threat Intelligence

Coordinated Cyber-Physical Attack on North American Battery Storage Facilities Causes Physical Damage

CRITICAL

Cyberattack on Lithium Battery Storage Facilities Uses Harmonic Resonance to Destroy Transformers

A highly sophisticated cyber-physical attack has targeted multiple lithium battery storage facilities across North America, resulting in significant physical damage to critical energy infrastructure. Attackers demonstrated a deep understanding of electrical engineering by gaining remote access to the facilities' Industrial Control Systems (ICS) and manipulating voltage settings. They carefully modulated the voltage to create harmonic resonance, a condition that caused substation transformers to overheat and fail catastrophically. This incident is a chilling real-world example of how digital intrusions can be leveraged to cause tangible, destructive effects, raising urgent concerns about the security of the modern power grid.

March 29, 2026
5 min read
ICSSCADAcyber-physicalcritical infrastructureenergy +1 more
Coordinated Cyber-Physical Attack on North American Battery Storage Facilities Causes Physical Damage
Industrial Control Systems
Cyberattack
Threat Intelligence

G20 Nations Sign Landmark Data Sovereignty Protocol to Govern Cross-Border Data Flows

INFORMATIONAL

G20 Nations Agree to New Data Sovereignty Protocol Amidst Rising Global Cyber Threats

In a significant move towards international cooperation on digital governance, the G20 nations have signed a new data sovereignty protocol. The non-binding agreement, finalized on March 28, 2026, aims to create a common framework for the secure and responsible transfer of data across borders. It seeks to balance the economic benefits of the free flow of data with the growing need for robust data protection, privacy, and national security. The protocol establishes key principles like data minimization and purpose limitation, representing a critical diplomatic step in harmonizing global data governance policies amidst escalating cyber threats.

March 29, 2026
4 min read
G20data sovereigntydata privacyregulationpolicy +1 more
G20 Nations Sign Landmark Data Sovereignty Protocol to Govern Cross-Border Data Flows
Policy and Compliance
Regulatory

Updated Articles (2)

Middle East Cyber Conflict Escalates Following Military Strikes on Iran

HIGH

U.S.-Israel Strikes on Iran Trigger Wave of Retaliatory Cyberattacks Across Middle East

Update:

The pro-Iranian hacktivist group Handala, previously active in the Middle East cyber conflict, has claimed responsibility for a cyberattack against US-based medical technology company Stryker. This incident signifies an expansion of the ongoing geopolitical cyber warfare, with Iranian-linked actors now actively targeting the US healthcare sector. The attacks, characterized by disruption and intimidation rather than financial gain, highlight the vulnerability of critical infrastructure to state-aligned hacktivism. This development indicates a broadening of the conflict's geographical and sectoral scope, raising the overall threat level for US critical infrastructure.

March 1, 2026
Updated: March 29, 2026
5 min read
GeopoliticsHacktivismDDoSDefacementWiper Malware
Middle East Cyber Conflict Escalates Following Military Strikes on Iran
Cyberattack
Threat Actor
Industrial Control Systems

Cloud Sweep Group's "Phase 30" Attack Embeds Ransomware in Cold Storage Backups, Defeating Recovery Efforts

HIGH

Cloud Sweep Group Unleashes "Phase 30" Attacks on Cold Storage Backups

Update:

CloudSweep has evolved its tactics to encrypt entire virtual disk files (e.g., VMDK, VHDX) instead of individual files. This new method is faster, more destructive, and significantly complicates recovery efforts, as traditional file-level backups are insufficient. Attackers gain access to hypervisor management, identify datastores, and encrypt the underlying VM disk files, leading to extended downtime and increased pressure to pay. This represents a significant escalation in their tactics, requiring organizations to focus on volume-level and immutable backups, and securing the virtualization management plane.

March 22, 2026
Updated: March 29, 2026
4 min read
RansomwareCloud SweepBackupDisaster RecoveryInhibit System Recovery +1 more
Cloud Sweep Group's "Phase 30" Attack Embeds Ransomware in Cold Storage Backups, Defeating Recovery Efforts
Ransomware
Threat Actor
Supply Chain Attack

📢 Share This Publication

Help others stay informed about cybersecurity threats